erc@pai.UUCP (Eric Johnson) (10/13/88)
I just became infected with the dreaded Scores virus. Now, I could use some help and info from mac.experts. SYMPTOM THAT ALERTED ME: I have a start-up sound, and when I booted today, the sound did not play. If this happens to you, I suggest you check for a virus. FINDER VERSION: System Tools 5.0 (Finder 6.0, MultiFinder 1.0). I was running under MultiFinder on a Mac SE with 1 MB RAM, Application Menu INIT, hierDA INIT, MenuTime INIT. SYSTEM FOLDER: Size File Data Resource Type Creator Created Modified Desktop -- 11K INIT FNDR ? 10/11/88 NotePad File 2K 2K INIT ZSYS 2/12/88 10/11/88 8:10 Scores -- 11K RDEV ZSYS ? 10/11/88 Scrapbook File -- 2K RDEV ZSYS 10/11/88 10/11/88 8:10 Notes: Desktop and Scores are invisible files. Notepad and Scrapbook no longer have the Mac-shaped icon, instead they have an Unknown Document-type icon. QUESTION FOR THE EXPERTS: It looks like my system was invaded on Tues, Oct 11 at 8:10 p.m. The Scrapbook File was created then and modified then. I already had the Notepad File, but it was modified at the same time. I have not run the NotePad DA for months. Are the system created and modified times accurate for these files? Or does Scores somehow munge with this data? Can I reasonably assume that my system was invaded on the 11th? The reason why I ask is because on Monday evening, the 10th, I was working at a computing lab at a local campus. On Tuesday, I used my Mac, with the same floppy disk and data files that I had used at the computing lab. This was the only use I made of the computer on Tues. I strongly suspect I picked up the virus at the campus. If the experts agree with that assumption on the time of invasion, I plan on alerting the computing lab to be on the look-out for this virus. Unfortunatley, my damn hard disk is infected. I believe immediate retroactive abortion for all virus authors is appropriate. RISKS OF VIRUS DETECTORS: I have been very complacent lately as I just installed the VirusDetective DA (to try it out). I guess I was worried about viruses, but I never realized that VirusDetective DA was set up to only detect the nVIR virus. This just shows the risks of relying upon a tool I don't fully understand. As in software testing, the detectors can only show the presense of viruses, and not their absence. I interpreted the no virus found message to mean I was free of viruses. Instead, I should have thought "this tool cannot detect any viruses, but I still may have a virus." PLEA TO VIRUS AUTHORS AND POTENTIAL AUTHORS: Very few people in the Macintosh community are considered really clever (although they all did buy Macs :-). Virus authors are clever. But, so are Bill Atkinson (HyperCard), David Dunham (Acta) and Ray Lau (StuffIt). These people have written powerful, easy-to-use and clever software packages. People want the packages these folks write. People use the packages these folks write. People pay money for the packages these folks write. People praise the packages these folks write, and praise them in public. Virus authors, because they are guilty, do not come forward. Virus authors do not garner public praise. Virus authors are trying to harm people, people the virus authors don't even know. What did I ever do against you that makes you want to harm me so? You probably don't even know who I am. Or care. Why do you want to hurt me? Instead of writing something destructive, why not use your cleverness to create something constructive? Just a few clever people created the desktop publishing industry. More than a few million dollars later, these clever people have made a bundle on their creations. Instead of creating a virus, why not design a way for the handicapped to better use computers? Why not help the mute speak, the deaf hear and the blind see? Why not help environmental groups analyze the changes in our environment? Why not help non-profit organizations better organize their activities? Why not write something to aid our educators? Why not use your cleverness to create something constructive, and perhaps make a bundle of cash as well? What good does your virus do? Don't create viruses, trojan horses and any other type of destructive software. Create something useful. Something helpful. Something worth spending your time on. Off the soapbox now. Thank you in advance for any help you can give me. I plan on spending a good part of the day reading up on the Scores virus. -Eric -- Eric F. Johnson | Phone +1 612-894-0313 | Are we Prime Automation,Inc | UUCP: bungia!pai!erc | having 12201 Wood Lake Drive | UUCP: sun!tundra!pai!erc | fun Burnsville, MN 55337 USA | DOMAIN: erc@pai.mn.org | yet?
jln@eecs.nwu.edu (John Norstad) (10/15/88)
Yes, you probably picked up Scores at your campus lab. You should inform them asap. Scores does not mess with the creation and modification dates and times. If the last modification date on your Scrapbook and Notepad files was 10/11/88, 8:10 pm, then this is almost surely when your system was infected. The system on the lab machine you used was probably infected. You ran an application on your floppy on this system, and the infection spread to your application. You then took the floppy home and ran the infected application on your machine, which in turn infected your system. Nasty, isn't it? I'm sending Mr. Johnson more detailed info privately. John Norstad Academic Computing and Network Services Northwestern University Bitnet: jln@nuacc Internet: jln@nuacc.acns.nwu.edu